Skip to content

mrphrazer/r2con2021_deobfuscation

1 Branch0 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

mrphrazermrphrazer
Merge pull request #1 from Fare9/main
Oct 20, 2021
2391a7c · Oct 20, 2021

History

9 Commits
miasm @ 5522eb0
miasm @ 5522eb0
Sep 29, 2021
samples
samples
Sep 29, 2021
tracer
tracer
Oct 10, 2021
.gitignore
.gitignore
Sep 19, 2021
.gitmodules
.gitmodules
Sep 29, 2021
LICENSE
LICENSE
Sep 19, 2021
README.md
README.md
Sep 30, 2021
follow_execution_flow.py
follow_execution_flow.py
Sep 29, 2021
slides.pdf
slides.pdf
Sep 30, 2021
symbolic_execution.py
symbolic_execution.py
Sep 29, 2021
vm_disassembler.py
vm_disassembler.py
Sep 29, 2021
vm_disassembler_final.py
vm_disassembler_final.py
Sep 29, 2021

Repository files navigation

Analysis of Virtualization-based Obfuscation

This repository contains slides, samples and code of the 4h code deobfuscation workshop at r2con2021. We give a brief introduction into virtualization-based obfuscation and manually analyze a simple VM generated by Tigress. Afterward, we use symbolic execution to automate the analysis and write a dynamic VM disassembler that is based on Miasm.

The recording is available here.

Installation

# on debian/ubuntu based systems:
sudo apt-get install python-dev

# clone repository and init submodules
git clone https://github.com/mrphrazer/r2con2021_deobfuscation.git
cd r2con2021_deobfuscation
git submodule update --init --rebase --recursive

# install miasm
cd miasm
pip install -r requirements.txt
pip install .
cd ..

Contact

For more information, contact Tim Blazytko (@mr_phrazer).

About

Workshop Material on VM-based Deobfuscation

Topics

deobfuscation reversing

Resources

Readme

License

GPL-3.0 license
Activity

Stars

181 stars

Watchers

11 watching

Forks

32 forks
Report repository

Contributors 2

Languages